Taskmgr regedit cmd ipconfig not working help please

Status
Not open for further replies.
Just recently my computer started getting lots of random popups, then later on my ctrl alt del stopped bringing up taskmgr.

I have tried to run it with the run command and also tried using the alternative ctrl shift esc but it still doesn't work.
The same goes for cmd, regedit and ipconfig... they won't show up.

When I ran HijackThis here's what I got



Can anyone help me solve this problem.. I think my computer is seriously infected. :(
 
You've got Spyware

I had it and it was a killer.
This line from your HJT dump shows it:
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Update06\Setup.exe

I removed mine manually using xsetup pro to enable regedit but I found this link on Sophos that might work for you.

* Windows 2000/XP/2003
1. Download an emergency copy of SAV32CLI (http://www.sophos.com/tools/sav32sfx.exe). On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
2. Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
3. At the infected computer, place the CD in the CD drive (D: in this example). At the command prompt, type:

    D:

to access the CD drive. Type:

    CD SAV32CLI

Then type:

    SAV32CLI -REMOVE -P=C:\LOGFILE.TXT

to remove the Trojan.
4. Before leaving Safe Mode, edit any registry entries mentioned in the Trojan analysis recovery instructions.
5. If problems persist, contact support.

I didn't try this but Sophos is reliable so it should work.
 
Hello and welcome to Techspot.

Go HERE and follow the instructions for running Ewido.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Update06

Close control panel.

Open your task manager (if you can), by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

Setup.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [rmalt] C:\Program Files\Update06\Setup.exe Unknown

O16 - DPF: {1319E67B-06AD-4C4B-9D85-9FEF7EDF7098} (NateOnMMSAtx Class) - http://web-color.nate.com/nateon_ocx...teOnMMSAtx.cab

O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/...eedNewCtrl.cab

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://css.hanaro.com/XecureObject/xw_install.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Update06

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log as an attachment into this thread. See HERE for instructions.

Regards Howard :wave: :wave:

This thread is for the use of chaoticjunk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
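
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the HijackThis entry lines quoted above, which picks out the O4 autostart entry that launches from C:\Program Files\Update06. The function names and the ExampleApp line are assumptions made for illustration; the other sample lines are copied from the posts.

```python
import re

# Constructed sample: entries quoted in this thread plus one made-up benign
# autostart (ExampleApp). The poster's full log is not on the page.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Update06\Setup.exe
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://css.hanaro.com/XecureObject/xw_install.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))? - (?P<url>\S+)$")

def parse_hjt(text):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        entry = {"code": m["code"], "raw": m["body"], "kind": "other"}
        if m["code"] == "O4" and (r := RUN.match(m["body"])):
            entry.update(kind="autostart", key=r["key"], name=r["name"], target=r["cmd"])
        elif m["code"] == "O16" and (d := DPF.match(m["body"])):
            entry.update(kind="activex", clsid=d["clsid"], name=d["name"] or "", target=d["url"])
        entries.append(entry)
    return entries

def autostarts_under(entries, directories):
    """Autostart entries whose command starts inside one of the directories."""
    # Windows paths are case-insensitive; the trailing backslash stops
    # "Update06" from also matching a sibling such as "Update06X".
    prefixes = [d.rstrip("\\").lower() + "\\" for d in directories]
    hits = []
    for e in entries:
        if e["kind"] != "autostart":
            continue
        cmd = e["target"].lstrip('"').lower()  # commands may be quoted
        if any(cmd.startswith(p) for p in prefixes):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in autostarts_under(parse_hjt(SAMPLE_LOG), [r"C:\Program Files\Update06"]):
        print(e["key"], e["name"], e["target"])
```

Matching on the directory prefix rather than the whole string means the entry is still found when HijackThis appends a note after the path, as in the "Setup.exe Unknown" form quoted in the fix list.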
 